authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-02-15 10:50:36 +0100
committerGitHub <noreply@github.com>2019-02-15 10:50:36 +0100
commitd512c4d255ad0229e52804b805da119ff9075c3d (patch)
treeff4c242fd9d39766d739151431e1736ff64f89e9
parent81ace5caaca844eda4be48245590ea54bdd0cba3 (diff)
parent5f7d4ee73fdf53f912d7e31c24daf5f4c8a93327 (diff)
Merge pull request #2305 from rhatdan/tlsverify
Add tlsVerify bool to SearchImage for varlink
-rwxr-xr-xAPI.md6
-rw-r--r--cmd/podman/varlink/io.podman.varlink8
-rw-r--r--libpod/adapter/runtime_remote.go38
-rw-r--r--pkg/varlinkapi/images.go21
4 files changed, 46 insertions, 27 deletions
diff --git a/API.md b/API.md
index ce70b702c..a2d86d893 100755
--- a/API.md
+++ b/API.md
@@ -91,9 +91,9 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[func PausePod(name: string) string](#PausePod)
-[func PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: bool) string](#PullImage)
+[func PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: ?bool) string](#PullImage)
-[func PushImage(name: string, tag: string, tlsverify: bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) MoreResponse](#PushImage)
+[func PushImage(name: string, tag: string, tlsverify: ?bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) MoreResponse](#PushImage)
[func ReceiveFile(path: string, delete: bool) int](#ReceiveFile)
@@ -107,7 +107,7 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[func RestartPod(name: string) string](#RestartPod)
-[func SearchImages(query: string, limit: ) ImageSearchResult](#SearchImages)
+[func SearchImages(quety: string, limit: int, tlsVerify: ?bool) ImageSearchResult](#SearchImages)
[func SendFile(type: string, length: int) string](#SendFile)
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index d6d9936f2..697d9ed90 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -412,7 +412,7 @@ type Runlabel(
name: string,
pull: bool,
signaturePolicyPath: string,
- tlsVerify: bool,
+ tlsVerify: ?bool,
label: string,
extraArgs: []string,
opts: [string]string
@@ -658,7 +658,7 @@ method HistoryImage(name: string) -> (history: []ImageHistory)
# and a boolean as to whether tls-verify should be used (with false disabling TLS, not affecting the default behavior).
# It will return an [ImageNotFound](#ImageNotFound) error if
# the image cannot be found in local storage; otherwise it will return a [MoreResponse](#MoreResponse)
-method PushImage(name: string, tag: string, tlsverify: bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) -> (reply: MoreResponse)
+method PushImage(name: string, tag: string, tlsverify: ?bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) -> (reply: MoreResponse)
# TagImage takes the name or ID of an image in local storage as well as the desired tag name. If the image cannot
# be found, an [ImageNotFound](#ImageNotFound) error will be returned; otherwise, the ID of the image is returned on success.
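Review bot: The PushImage doc comment kept as context above the changed signature still describes `tlsverify` as a plain boolean ("with false disabling TLS, not affecting the default behavior"), which no longer matches the `?bool` type. With the optional type there are three cases and the comment should name them, for example `# tlsverify is optional: true requires TLS verification, false disables it, and omitting it leaves the server-side default in place.` The SearchImages hunk that follows adds `tlsVerify: ?bool` without mentioning it in that method's comment at all, and the same sentence would fit there and on PullImage.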
@@ -679,7 +679,7 @@ method RemoveImage(name: string, force: bool) -> (image: string)
# SearchImages searches available registries for images that contain the
# contents of "query" in their name. If "limit" is given, limits the amount of
# search results per registry.
-method SearchImages(query: string, limit: ?int) -> (results: []ImageSearchResult)
+method SearchImages(query: string, limit: ?int, tlsVerify: ?bool) -> (results: []ImageSearchResult)
# DeleteUnusedImages deletes any images not associated with a container. The IDs of the deleted images are returned
# in a string array.
@@ -726,7 +726,7 @@ method ExportImage(name: string, destination: string, compress: bool, tags: []st
# "id": "426866d6fa419873f97e5cbd320eeb22778244c1dfffa01c944db3114f55772e"
# }
# ~~~
-method PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: bool) -> (id: string)
+method PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: ?bool) -> (id: string)
# CreatePod creates a new empty pod. It uses a [PodCreate](#PodCreate) type for input.
# On success, the ID of the newly created pod will be returned.
diff --git a/libpod/adapter/runtime_remote.go b/libpod/adapter/runtime_remote.go
index d0a3c5b1f..f63b5875d 100644
--- a/libpod/adapter/runtime_remote.go
+++ b/libpod/adapter/runtime_remote.go
@@ -163,7 +163,8 @@ func (r *LocalRuntime) NewImageFromLocal(name string) (*ContainerImage, error) {
func (r *LocalRuntime) LoadFromArchiveReference(ctx context.Context, srcRef types.ImageReference, signaturePolicyPath string, writer io.Writer) ([]*ContainerImage, error) {
// TODO We need to find a way to leak certDir, creds, and the tlsverify into this function, normally this would
// come from cli options but we don't want want those in here either.
- imageID, err := iopodman.PullImage().Call(r.Conn, srcRef.DockerReference().String(), "", "", signaturePolicyPath, true)
+ tlsverify := true
+ imageID, err := iopodman.PullImage().Call(r.Conn, srcRef.DockerReference().String(), "", "", signaturePolicyPath, &tlsverify)
if err != nil {
return nil, err
}
@@ -179,15 +180,21 @@ func (r *LocalRuntime) New(ctx context.Context, name, signaturePolicyPath, authf
if label != nil {
return nil, errors.New("the remote client function does not support checking a remote image for a label")
}
- // TODO Creds needs to be figured out here too, like above
- tlsBool := dockeroptions.DockerInsecureSkipTLSVerify
- // Remember SkipTlsVerify is the opposite of tlsverify
- // If tlsBook is true or undefined, we do not skip
- SkipTlsVerify := false
- if tlsBool == types.OptionalBoolFalse {
- SkipTlsVerify = true
+ var (
+ tlsVerify bool
+ tlsVerifyPtr *bool
+ )
+ if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
+ tlsVerify = true
+ tlsVerifyPtr = &tlsVerify
+
+ }
+ if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
+ tlsVerify = false
+ tlsVerifyPtr = &tlsVerify
}
- imageID, err := iopodman.PullImage().Call(r.Conn, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, SkipTlsVerify)
+
+ imageID, err := iopodman.PullImage().Call(r.Conn, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, tlsVerifyPtr)
if err != nil {
return nil, err
}
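Review bot: The conversion from `DockerInsecureSkipTLSVerify` to the optional `tlsVerify` pointer is written out by hand here and again in the Push hunk below, with two separate `if` statements, a stray blank line inside the first one, and different variable names (`tlsVerifyPtr` here, `tls` in Push). Because the polarity is inverted (skip-verify true means tlsVerify false), a single helper with a `switch` keeps that inversion in one place, and both call sites become one line such as `tlsVerifyPtr := tlsVerifyFromSkip(dockeroptions.DockerInsecureSkipTLSVerify)`. The hunk also deletes the `// TODO Creds needs to be figured out here too` comment while the call still passes `""` for creds, so that note should stay. The body of New starts and ends outside this hunk.

```go
// tlsVerifyFromSkip maps the tri-state skip-verify option onto the optional
// tlsVerify argument of the varlink API. nil means "not set": the server
// keeps its own default.
func tlsVerifyFromSkip(skip types.OptionalBool) *bool {
	switch skip {
	case types.OptionalBoolTrue:
		verify := false
		return &verify
	case types.OptionalBoolFalse:
		verify := true
		return &verify
	}
	return nil
}

// … unchanged: label check in New …
// TODO Creds needs to be figured out here too, like above
tlsVerifyPtr := tlsVerifyFromSkip(dockeroptions.DockerInsecureSkipTLSVerify)
```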
@@ -577,10 +584,19 @@ func (r *LocalRuntime) RemoveVolumes(ctx context.Context, c *cliconfig.VolumeRmV
func (r *LocalRuntime) Push(ctx context.Context, srcName, destination, manifestMIMEType, authfile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions image.SigningOptions, dockerRegistryOptions *image.DockerRegistryOptions, additionalDockerArchiveTags []reference.NamedTagged) error {
- tls := true
+ var (
+ tls *bool
+ tlsVerify bool
+ )
if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
- tls = false
+ tlsVerify = false
+ tls = &tlsVerify
}
+ if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
+ tlsVerify = true
+ tls = &tlsVerify
+ }
+
reply, err := iopodman.PushImage().Send(r.Conn, varlink.More, srcName, destination, tls, signaturePolicyPath, "", dockerRegistryOptions.DockerCertPath, forceCompress, manifestMIMEType, signingOptions.RemoveSignatures, signingOptions.SignBy)
if err != nil {
return err
diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go
index 534419f6f..b3090d2dd 100644
--- a/pkg/varlinkapi/images.go
+++ b/pkg/varlinkapi/images.go
@@ -313,7 +313,7 @@ func (i *LibpodAPI) HistoryImage(call iopodman.VarlinkCall, name string) error {
}
// PushImage pushes an local image to registry
-func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify bool, signaturePolicy, creds, certDir string, compress bool, format string, removeSignatures bool, signBy string) error {
+func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify *bool, signaturePolicy, creds, certDir string, compress bool, format string, removeSignatures bool, signBy string) error {
var (
registryCreds *types.DockerAuthConfig
manifestType string
@@ -337,8 +337,8 @@ func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVe
DockerRegistryCreds: registryCreds,
DockerCertPath: certDir,
}
- if !tlsVerify {
- dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
+ if tlsVerify != nil {
+ dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
}
if format != "" {
switch format {
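Review bot: When a varlink caller sends `tlsVerify: false`, the new branch sets `DockerInsecureSkipTLSVerify` to true without leaving any trace on the server side, so a push over an unverified connection is invisible to whoever operates the service. A warning-level log entry at this point, naming the image and stating that the caller disabled verification, would make the downgrade auditable; at minimum add a comment such as `// *tlsVerify == false turns off registry certificate verification for this request; nil leaves the configured default.` The same branch appears in the PullImage, SearchImages and ContainerRunlabel hunks further down. PushImage's body starts and ends outside this hunk, and how access to the varlink socket is restricted is not visible here.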
@@ -441,8 +441,11 @@ func (i *LibpodAPI) RemoveImage(call iopodman.VarlinkCall, name string, force bo
// SearchImages searches all registries configured in /etc/containers/registries.conf for an image
// Requires an image name and a search limit as int
-func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64) error {
+func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64, tlsVerify *bool) error {
sc := image.GetSystemContext("", "", false)
+ if tlsVerify != nil {
+ sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
+ }
registries, err := sysreg.GetRegistries()
if err != nil {
return call.ReplyErrorOccurred(fmt.Sprintf("unable to get system registries: %q", err))
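Review bot: The doc comment above SearchImages still reads "Requires an image name and a search limit as int" and says nothing about the new `tlsVerify *bool` parameter. Since nil and false behave differently here (nil leaves the value from `image.GetSystemContext` untouched, false sets `DockerInsecureSkipTLSVerify` to true), the comment should spell that out, for example `// tlsVerify is optional: nil keeps the system context default; otherwise TLS verification is forced on (true) or off (false) for this search.` The rest of the function lies outside the hunk, so whether `sc` reaches every registry query cannot be confirmed from these lines.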
@@ -583,7 +586,7 @@ func (i *LibpodAPI) ExportImage(call iopodman.VarlinkCall, name, destination str
}
// PullImage pulls an image from a registry to the image store.
-func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, creds, signaturePolicy string, tlsVerify bool) error {
+func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, creds, signaturePolicy string, tlsVerify *bool) error {
var (
registryCreds *types.DockerAuthConfig
imageID string
@@ -600,8 +603,8 @@ func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, c
DockerRegistryCreds: registryCreds,
DockerCertPath: certDir,
}
- if tlsVerify {
- dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!tlsVerify)
+ if tlsVerify != nil {
+ dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
}
so := image.SigningOptions{}
@@ -644,8 +647,8 @@ func (i *LibpodAPI) ContainerRunlabel(call iopodman.VarlinkCall, input iopodman.
dockerRegistryOptions := image.DockerRegistryOptions{
DockerCertPath: input.CertDir,
}
- if !input.TlsVerify {
- dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
+ if input.TlsVerify != nil {
+ dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*input.TlsVerify)
}
stdErr := os.Stderr